# Address user privacy and safety concerns throughout Level 3

Collecting data on user thoughts and feelings (Level 3) carries significant legal and ethical responsibilities. Because using GenAI models may involve sending data to third-party model providers (e.g., OpenAI, Google, Anthropic), it is important to pay attention to data governance and privacy and safety policies:

1. **Know the Legal Landscape**: Data privacy laws vary by jurisdiction (e.g., Data Protection Act in Kenya, GDPR in Europe). Organizations should consult with legal counsel to define clear Terms of Use and Privacy Policies for the AI products they deploy.
   * Be especially cautious if your user base includes minors or if you are handling sensitive health information or Personally Identifiable Information (PII).
   * Vulnerable Populations: Users with low literacy or digital literacy may not understand standard legal disclaimers. You have an ethical obligation to ensure they genuinely understand how their data will be used.
2. **Industry vs. Academic Standards**: The rules governing data collection and analysis depend on your goals and your partners:
   * Internal Product Improvement (Industry Standard): If you are analyzing data solely to improve the product, this is typically governed by your internal data policies and the user’s consent via Terms of Service. Most organizations ask individuals to consent to data collection when using their products and establish internal procedures for reviewing the safety and ethics of user studies.
   * Generalizable Knowledge (Academic Standard): If you partner with academic researchers or intend to publish your findings as "research," you will likely require Institutional Review Board (IRB) approval. IRBs oversee the ethical treatment of human subjects and ensure informed consent.
3. **Value of Responsible Data**: While user privacy constraints require effort, they enable the safe leveraging of product data to generate concrete intermediate metrics for A/B testing. Sometimes analyzing chat logs and feedback is the only way to optimize your product for users (Level 3) and ensure it is ready to drive development outcomes (Level 4). Responsible data practices build the user trust necessary for this impact.

***

<details>

<summary>💬 Want to suggest edits or provide feedback?</summary>

{% embed url="<https://tally.so/r/A788l0?originPage=level-3-user-evaluation%2Fhow-is-level-3-evaluation-performed%2Fuser-privacy-and-security>" %}

</details>